Re: Next steps for accessible authentication from Alastair Campbell on 2017-06-25 (w3c-wai-gl@w3.org from April to June 2017)

From: Alastair Campbell <acampbell@nomensa.com>
Date: Sun, 25 Jun 2017 08:17:54 +0000
To: "White, Jason J" <jjwhite@ets.org>
CC: "public-cognitive-a11y-tf@w3.org" <public-cognitive-a11y-tf@w3.org>, WCAG <w3c-wai-gl@w3.org>
Message-ID: <DB6PR0901MB0919CA442332569A206BC6D8B9DE0@DB6PR0901MB0919.eurprd09.prod.outlook.>

[Jason] Some organizations (such as financial institutions) may have good security reasons to disallow password managers.

Just to note that the new NIST advice [1] came out on the 22nd:
"Verifiers SHOULD permit claimants to use “paste” functionality when entering a memorized secret. This facilitates the use of password managers, which are widely used and in many cases increase the likelihood that users will choose stronger memorized secrets." [2]

I assume it will take a while to filter through, but is NIST an organisation that places like banks would listen to in the US?

Cheers,

Alastair

1] https://www.nist.gov/itl/tig/special-publication-800-63-3
2] http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63b.pdf

Received on Sunday, 25 June 2017 08:18:32 UTC